we have all read the news lately, and we all have heard about Lulzsec and their escapades. We all know the opinion of the media and of the targeted companies. We know the opinion of Lulzsec (4 the lulz ), but what do you think of this?

i personally as a white-hat i don't agree with their actions (ofcourse), but i see it as a revolution in the security world. Never before has a team of hackers been this open about hacks and clearly they really did think this through.

Whats your opinion???

CISSP, CEH, ECSA, OSCP, OSWP, eCPPT, eWAPT

earning my stripes appears to be a road i must travel alone...with a little help of EH.net

In their latest "press release" they seem to be expecting to be caught eventually and they really don't care. I wonder if they can really speak for the whole when they say that? Hm.

That is a good point about them being open about their hacks, which normal people don't typically hear about. My guess is in the underground the hacks are just as sensationalized, though I could be wrong.

The culture of Lulzsec saddens me because I feel it is a culture of people who have lots of potential that can't make proper use of it, and they need to express their frustration in a kind of cynical, fatalistic activism. Maybe I'm old fashioned, but I believe anyone with the kind of dedication, expertise and innovation it takes to do these hacks can really make a good life using their talents legally (and morally for that matter).

"Live as though you would die tomorrow, learn as though you would live forever."

They're finally able to open upper management's eyes as to how insecure everything really is. They're able to do what infosec pro's have been unable to do (not due to lack of ability, but due to management's lack of caring).

***Disclaimers about how LulzSec is doing illegal things and they are bad people, etc., etc., etc.***

On one hand I do see it as a revolution. High profile attacks give us (white hat professionals) backing when we make claims that security is not just a cost center but a worthwhile and necessary investment.

On the other hand, average Joe's (including the media and Executives) don't understand these attacks. It's hard to find stories in mainstream outlets that explain the attacks adequately. If there is one thing that scares people, it is the unknown. These attacks take place in a realm that might as well be supernatural as far as an average person is concerned. This type of fear can lead to unnecessary and far reaching efforts to crack down on internet activity. And that is almost as scary as steady string of high-profile attacks.

IMHO of course. ;)

Last edited by jsm725 on Mon Jun 20, 2011 10:04 am, edited 1 time in total.

I'm sure they'll be busting folks for a bit, yet. Even if they get the leader, you KNOW others will chime in, to make it look like nothing happened, or to 'assume' a lead role. Give the authorities some time. They're not done busting, yet...

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

I am glad to see movement against these guys. My only hope is that the authorities can differentiate punishment between leaders and high-school or college kids that think installing LOIC on there personal computers makes them hackers. Should they be punished? Absolutely. Should it ruin the rest of their lives? Absolutely not.

For this sticky situation, My possition would have to be as follows. I agree with the release of information they got from their hacks, HOWEVER I think they should have contacted said companies and informed them of the vulnerabilities without taking the information and posting peoples usernames and passwords online for griefing childish people to get their hands on and use however they please. What they are doing is illegal and as such they should be punished for their crimes, that's assuming they can be tracked down and arrested. I also feel that the LOIC that Anon has used so much is not a hacker tool, since from the information i could find on it tells me it's just for disrupting internet connections. Anyways that's my 2 cents.

Last edited by SithLord2K on Tue Jun 21, 2011 9:35 pm, edited 1 time in total.

Hacking is still hacking whatever word you will say it. Its still not ethical and what they're doing is not that good. Wish it was true that they're after Lulz for what they did. Goodluck and keep us posted on their latest escapade.

tattoo85 wrote:Hacking is still hacking whatever word you will say it. Its still not ethical and what they're doing is not that good.

Well, I don't fully agree with your statement, above. In the context of malicious 'hackers / hacking' I'd agree that it's illegal and unethical. However, the term hacker did NOT originate as an evildoer, nor hacking as an evil practice. In fact, looking up "hack" on http://dictionary.reference.com, yields the following definition:

That does NOT imply wrongdoing, nor does it imply a lack of ethics. The original hackers were those who modified even their OWN code, to do things differently, etc.

This goes back to the debate over using the term "ethical hacker" versus "penetration tester" If used in the correct context, either term is valid, but I tend to prefer to use Penetration Tester, so as to remove doubt.

Edit: But in the context of Lulz, etc, I'd agree... unethical

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'